Merge branch 'master' into ssl-dhparam-fix

macbre · web-flow · commit fa67d722f2de · 2020-10-09T16:34:29.000+02:00
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
@@ -25,7 +25,11 @@ jobs:
 
     - name: Serve a static asset
       run: |
-        docker run --detach --rm -p 0.0.0.0:8888:80 -v "$PWD/tests":/static:ro  -v "$PWD/tests/static.conf":/etc/nginx/conf.d/static.conf:ro --name test_nginx -t ${{ github.repository }}
+        docker run --detach --rm -p 0.0.0.0:8888:80 -v "$PWD/tests":/static:ro  -v "$PWD/tests/static.conf":/etc/nginx/conf.d/static.conf:ro -v "$PWD/tests/env.conf":/etc/nginx/main.d/env.conf:ro --env FOO=foo-test-value --name test_nginx -t ${{ github.repository }}
         sleep 2; docker ps
-        curl -v --compressed 0.0.0.0:8888
+        curl -v --compressed 0.0.0.0:8888 2>&1 | tee /tmp/out
+
+        # assert response headers presense
+        grep 'X-Foo: foo-test-value' /tmp/out
+
         docker logs test_nginx
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,15 @@
-FROM alpine:3.12
-
-ARG NGINX_VERSION=1.19.2
+ARG NGINX_VERSION=1.19.3
 
 # https://github.com/google/ngx_brotli
 ARG NGX_BROTLI_COMMIT=25f86f0bac1101b6512135eac5f93c49c63609e3
+
+# https://github.com/vision5/ngx_devel_kit/releases
+# https://hub.docker.com/r/firesh/nginx-lua/dockerfile
+ARG NGX_DEVEL_KIT_VERSION=0.3.1
+
+# https://github.com/openresty/luajit2/releases
+ARG LUA_NGINX_MODULE_VERSION=0.10.14
+
 ARG CONFIG="\
 		--prefix=/etc/nginx \
 		--sbin-path=/usr/sbin/nginx \
@@ -49,6 +55,9 @@ ARG CONFIG="\
 		--with-file-aio \
 		--with-http_v2_module \
 		--add-module=/usr/src/ngx_brotli \
+		--with-ld-opt="-Wl,-rpath,/usr/lib" \
+		--add-module=/tmp/ngx_devel_kit-${NGX_DEVEL_KIT_VERSION} \
+		--add-module=/tmp/lua-nginx-module-${LUA_NGINX_MODULE_VERSION} \
 	"
 
 FROM alpine:3.12
@@ -57,6 +66,8 @@ LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
 ARG NGINX_VERSION
 ARG NGX_BROTLI_COMMIT
 ARG CONFIG
+ARG NGX_DEVEL_KIT_VERSION
+ARG LUA_NGINX_MODULE_VERSION
 
 RUN \
 	apk add --no-cache --virtual .build-deps \
@@ -72,6 +83,8 @@ RUN \
 		libxslt-dev \
 		gd-dev \
 		geoip-dev \
+		luajit \
+		luajit-dev \
 	&& apk add --no-cache --virtual .brotli-build-deps \
 		autoconf \
 		libtool \
@@ -83,8 +96,14 @@ RUN \
 COPY nginx.pub /tmp/nginx.pub
 
 RUN \
-	echo "Compiling nginx $NGINX_VERSION with brotli $NGX_BROTLI_COMMIT" \
-	&& mkdir -p /usr/src/ngx_brotli \
+	echo "Fetcing lua-nginx-module $LUA_NGINX_MODULE_VERSION and nginx devel kit $NGX_DEVEL_KIT_VERSION ..." \
+	&& curl -fSL https://github.com/simpl/ngx_devel_kit/archive/v${NGX_DEVEL_KIT_VERSION}.tar.gz -o /tmp/ndk.tar.gz \
+	&& tar -xvf /tmp/ndk.tar.gz -C /tmp \
+	&& curl -fSL https://github.com/openresty/lua-nginx-module/archive/v${LUA_NGINX_MODULE_VERSION}.tar.gz -o /tmp/lua-nginx.tar.gz \
+	&& tar -xvf /tmp/lua-nginx.tar.gz -C /tmp
+
+RUN \
+	mkdir -p /usr/src/ngx_brotli \
 	&& cd /usr/src/ngx_brotli \
 	&& git init \
 	&& git remote add origin https://github.com/google/ngx_brotli.git \
@@ -102,7 +121,10 @@ RUN \
 	&& tar -zxC /usr/src -f nginx.tar.gz
 
 RUN \
-	cd /usr/src/nginx-$NGINX_VERSION \
+	export LUAJIT_LIB=/usr/lib \
+	&& export LUAJIT_INC=/usr/include/luajit-2.1 \
+	&& echo "Compiling nginx $NGINX_VERSION with brotli $NGX_BROTLI_COMMIT and lua nginx module v$LUA_NGINX_MODULE_VERSION ..." \
+	&& cd /usr/src/nginx-$NGINX_VERSION \
 	&& ./configure $CONFIG --with-debug \
 	&& make -j$(getconf _NPROCESSORS_ONLN) \
 	&& mv objs/nginx objs/nginx-debug \
@@ -147,6 +169,8 @@ RUN \
 
 FROM alpine:3.12
 ARG NGINX_VERSION
+ARG NGX_BROTLI_COMMIT
+ARG LUA_NGINX_MODULE_VERSION
 
 COPY --from=0 /tmp/runDeps.txt /tmp/runDeps.txt
 COPY --from=0 /etc/nginx /etc/nginx
@@ -171,6 +195,10 @@ RUN \
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY ssl_common.conf /etc/nginx/conf.d/ssl_common.conf
 
+ENV NGINX_VERSION $NGINX_VERSION
+ENV NGX_BROTLI_COMMIT $NGX_BROTLI_COMMIT
+ENV LUA_NGINX_MODULE_VERSION $LUA_NGINX_MODULE_VERSION
+
 EXPOSE 80 443
 
 STOPSIGNAL SIGTERM
diff --git a/nginx.conf b/nginx.conf
@@ -32,3 +32,7 @@ http {
 
     include /etc/nginx/conf.d/*.conf;
 }
+
+# this allows you to call directives such as "env" in your own conf files
+# http://nginx.org/en/docs/ngx_core_module.html#env
+include /etc/nginx/main.d/*.conf;
diff --git a/readme.md b/readme.md
@@ -1,30 +1,35 @@
-# What is this?
+## What is this?
 This project is based on Alpine Linux, the official nginx image and an nginx module that provides static and dynamic brotli compression. [Brotli](https://github.com/google/brotli) and the [nginx brotli module ](https://github.com/google/ngx_brotli) are built by Google.
 
-# How to use this image
+## How to use this image
 As this project is based on the official [nginx image](https://hub.docker.com/_/nginx/) look for instructions there. In addition to the standard configuration directives, you'll be able to use the brotli module specific ones, see [here for official documentation](https://github.com/google/ngx_brotli#configuration-directives)
 
 ```
-docker pull macbre/nginx-brotli:1.19.2
+docker pull macbre/nginx-brotli:1.19.3
 ```
 
-# What's inside
+## What's inside
 
 ```
 $ docker run -it macbre/nginx-brotli nginx -V
-nginx version: nginx/1.19.2
+nginx version: nginx/1.19.3
 built by gcc 9.3.0 (Alpine 9.3.0) 
 built with OpenSSL 1.1.1g  21 Apr 2020
 TLS SNI support enabled
-configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module --add-module=/usr/src/ngx_brotli
+configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module --add-module=/usr/src/ngx_brotli --with-ld-opt=-Wl,-rpath,/usr/lib --add-module=/tmp/ngx_devel_kit-0.3.1 --add-module=/tmp/lua-nginx-module-0.10.14
 ```
 
 > [nginx release notes](https://nginx.org/en/CHANGES)
 
-# SSL Grade A+ handling
+## SSL Grade A+ handling
 
 Please refer to [Mozilla's SSL Configuration Generator](https://ssl-config.mozilla.org/). This image has `https://ssl-config.mozilla.org/ffdhe2048.txt` DH parameters for DHE ciphers fetched and stored in `/etc/ssl/dhparam.pem`:
 
 ```
     ssl_dhparam /etc/ssl/dhparam.pem;
 ```
+
+## nginx config files includes
+
+* `.conf` files mounted in `/etc/nginx/main.d` will be included in the `main` nginx context (e.g. you can call [`env` directive](http://nginx.org/en/docs/ngx_core_module.html#env) there)
+* `.conf` files mounted in `/etc/nginx/conf.d` will be included in the `http` nginx context
diff --git a/tests/env.conf b/tests/env.conf
@@ -0,0 +1 @@
+env FOO;
diff --git a/tests/static.conf b/tests/static.conf
@@ -9,5 +9,10 @@ server {
         brotli_static on;
 
         expires 1d;
+
+	# test lua module, see env.conf too
+	set_by_lua $foo_from_env 'return os.getenv("FOO")';
+
+	add_header X-Foo $foo_from_env;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -32,3 +32,7 @@ http {`
`32`	`32`
`33`	`33`	`include /etc/nginx/conf.d/*.conf;`
`34`	`34`	`}`
	`35`	`+`
	`36`	`+# this allows you to call directives such as "env" in your own conf files`
	`37`	`+# http://nginx.org/en/docs/ngx_core_module.html#env`
	`38`	`+include /etc/nginx/main.d/*.conf;`
Original file line number	Diff line number	Diff line change
`@@ -9,5 +9,10 @@ server {`
`9`	`9`	`brotli_static on;`
`10`	`10`
`11`	`11`	`expires 1d;`
	`12`	`+`
	`13`	`+ # test lua module, see env.conf too`
	`14`	`+ set_by_lua $foo_from_env 'return os.getenv("FOO")';`
	`15`	`+`
	`16`	`+ add_header X-Foo $foo_from_env;`
`12`	`17`	`}`
`13`	`18`	`}`